I want to create a network address translation (NAT) instance in a public subnet of my Amazon Virtual Private Cloud (VPC) to enable instances in the VPC private subnet to initiate outbound traffic to the Internet or other AWS services. How can I create a NAT instance in a public subnet of my VPC for this purpose?

Because NAT instances are not managed by AWS, you are responsible for maintaining software and security updates, managing instance failures, and ensuring that inbound traffic is controlled with security groups. You can deploy software on AWS that AWS does not manage, but the proper maintenance and management of that software then becomes a shared responsibility, as described in the AWS Shared Responsibility Model.

Note: For common use cases, we recommend that you use a NAT gateway instead of a NAT instance, because the gateway is managed and scaled by AWS. For more information about using a NAT gateway, see Migrating From a NAT Instance in the Amazon Virtual Private Cloud User Guide.

Unless traffic is minimal, choose an instance type that supports enhanced networking, such as c4.large; a NAT instance can translate no more traffic than its own network interface can carry.

Choose Configure Instance Details.

Choose a public subnet (one whose route table has a route to an internet gateway) in your VPC. If you are unsure, check each subnet on the Subnets page of the VPC console: for a public subnet, the Route Table tab lists a route with Destination 0.0.0.0/0 and a Target similar to igw-abcd1234. The NAT instance also needs a public IPv4 address (enable auto-assign public IP here, or associate an Elastic IP after launch); without one, the internet gateway cannot forward its traffic.

After installation is complete, you can run the following commands from the Linux shell to set the number of connections that the kernel's connection-tracking table will hold, which bounds how many concurrent flows the NAT instance can translate and is the main performance tuning knob:
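As an added example (these are not the article's own commands), the following shell script pulls the steps above together: it decides from a subnet's route table whether the subnet is public, prints the forwarding and masquerade commands for the NAT instance together with the EC2 source/destination-check change that forwarding requires, and emits the connection-tracking limits. The function names, the sample route-table text with its hypothetical igw-/eni-/i- identifiers, and the hash-bucket rule of thumb (max/4) are this example's own assumptions; the sysctl keys, the iptables rule and the `aws ec2 modify-instance-attribute --no-source-dest-check` call are standard.

```shell
#!/usr/bin/env bash
# Added example, not part of the AWS article. The sysctl keys, the iptables
# MASQUERADE rule and the EC2 source/dest-check attribute are standard; the
# function names, the hashsize rule of thumb and the sample data are this
# example's own assumptions.

# A subnet is public when its route table sends 0.0.0.0/0 to an internet
# gateway (igw-...). Reads "DESTINATION TARGET" lines on stdin; exits 0 if
# public, 1 otherwise.
is_public_route_table() {
  awk '$1 == "0.0.0.0/0" && $2 ~ /^igw-/ { found = 1 }
       END { exit (found ? 0 : 1) }'
}

# Constructed sample route tables (hypothetical IDs, not real AWS output).
PUBLIC_ROUTES='10.0.0.0/16 local
0.0.0.0/0 igw-abcd1234'
PRIVATE_ROUTES='10.0.0.0/16 local
0.0.0.0/0 eni-0a1b2c3d4e5f67890'   # default route to the NAT instance's ENI

# Commands that make this host forward and masquerade traffic from VPC_CIDR
# out of IFACE. Limiting MASQUERADE to the VPC's own range keeps the instance
# from translating for arbitrary sources; inbound reachability is still the
# security group's job. EC2 drops packets an instance sends or receives that
# are not addressed to it unless source/destination checking is turned off,
# so that attribute change is part of the setup.
nat_commands() {
  vpc_cidr="$1"; iface="$2"; instance_id="$3"
  printf 'sysctl -w net.ipv4.ip_forward=1\n'
  printf 'iptables -t nat -A POSTROUTING -o %s -s %s -j MASQUERADE\n' "$iface" "$vpc_cidr"
  printf 'aws ec2 modify-instance-attribute --instance-id %s --no-source-dest-check\n' "$instance_id"
}

# Connection-tracking limits for a NAT instance expected to carry up to
# MAX_CONN concurrent flows, as key=value lines for sysctl -w or sysctl.conf.
# nf_conntrack_max bounds the table (new flows are dropped when it fills);
# the established-TCP timeout is cut from the 5-day default so idle flows
# do not pin entries.
conntrack_settings() {
  max_conn="$1"
  printf 'net.netfilter.nf_conntrack_max=%d\n' "$max_conn"
  printf 'net.netfilter.nf_conntrack_tcp_timeout_established=3600\n'
}

# Hash bucket count for the conntrack table, a module parameter rather than
# a sysctl (rule of thumb: max/4), written to
# /sys/module/nf_conntrack/parameters/hashsize.
conntrack_hashsize() {
  echo $(( $1 / 4 ))
}

# Apply only on explicit request as root; otherwise print what would run.
if [ "${1:-}" = "--apply" ] && [ "$(id -u)" -eq 0 ]; then
  max_conn="${MAX_CONN:-131072}"
  nat_commands "${VPC_CIDR:-10.0.0.0/16}" "${NAT_IFACE:-eth0}" "${INSTANCE_ID:?set INSTANCE_ID}" | sh -e
  conntrack_settings "$max_conn" | xargs -n1 sysctl -w
  conntrack_hashsize "$max_conn" > /sys/module/nf_conntrack/parameters/hashsize
else
  printf '%s\n' "$PUBLIC_ROUTES" | is_public_route_table && echo 'sample subnet: public'
  nat_commands 10.0.0.0/16 eth0 i-0123456789abcdef0
  conntrack_settings 131072
  echo "hashsize=$(conntrack_hashsize 131072)"
fi
```

Run without arguments to see what would be applied; run as root with `--apply` and `INSTANCE_ID`, `VPC_CIDR`, `NAT_IFACE` and `MAX_CONN` set to apply it on the instance. Size `MAX_CONN` for the peak number of concurrent flows from all private-subnet instances, since once the table fills the kernel drops new connections rather than queuing them.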